Date: Thu, 20 Aug 2015 15:12:18 +0000 (UTC) From: Mark Felder <feld@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r394886 - head/security/vuxml Message-ID: <201508201512.t7KFCIk3092723@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: feld Date: Thu Aug 20 15:12:18 2015 New Revision: 394886 URL: https://svnweb.freebsd.org/changeset/ports/394886 Log: graphics/jasper new CVE added to entry Security: f1692469-45ce-11e5-adde-14dae9d210b8 Security: CVE-2015-5221 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Thu Aug 20 15:11:17 2015 (r394885) +++ head/security/vuxml/vuln.xml Thu Aug 20 15:12:18 2015 (r394886) @@ -216,7 +216,7 @@ Notes: </vuln> <vuln vid="f1692469-45ce-11e5-adde-14dae9d210b8"> - <topic>jasper -- double free in jasper_image_stop_load()</topic> + <topic>jasper -- multiple vulnerabilities</topic> <affects> <package> <name>jasper</name> @@ -232,16 +232,25 @@ Notes: A specially crafted file could cause an application using JasPer to crash.</p> </blockquote> + <p>Feist Josselin reports:</p> + <blockquote cite="http://seclists.org/oss-sec/2015/q3/408"> + <p>A new use-after-free was found in Jasper JPEG-200. The + use-after-free appears in the function mif_process_cmpt of the + src/libjasper/mif/mif_cod.c file.</p> + </blockquote> </body> </description> <references> <url>https://bugzilla.redhat.com/show_bug.cgi?id=1254242#c0</url> <url>http://seclists.org/oss-sec/2015/q3/366</url> + <url>http://seclists.org/oss-sec/2015/q3/408</url> <cvename>CVE-2015-5203</cvename> + <cvename>CVE-2015-5221</cvename> </references> <dates> <discovery>2015-08-17</discovery> <entry>2015-08-18</entry> + <modified>2015-08-20</modified> </dates> </vuln>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201508201512.t7KFCIk3092723>